Our customers

Free tools

VULNIT develops and maintains free and open-source tools used to test specific vulnerabilities.

XSS Scanner

XssScanner is an open-source tool designed to find XSS injections (Cross-Site Scripting).
What does it brings, compared to the existing tools dedicated to XSS detection? Just try it!

It is written in Java and published under GPL v3.
You can download it here.

Command injection scanner

CommandInjectionScanner is an open-source tool designed to detect command injections in web applications, using
a time based method.
It is written in Python and published under GPL v3.
You can download it here.

LDAP injection scanner

LDAPInjectionScanner is an open-source tool designed to detect LDAP injections in web applications, using
an error based method.
It is written in Python and published under GPL v3.
You can download it here.

CSRF Scanner

CSRFScan is an open-source tool designed to find CSRF (Cross-Site Request Forgery) security flaws on forms.
The tool uses a static analysis of pages to determine if the form is protected or not.
This approach relies on this document describing the 4-pass reverse diff analysis.

It is written in Python and published under GPL v3.
You can download it here.